aires/nix-configuration
aires/nix-configuration
1
0
Fork 0
Code Actions Activity

Services: remove unused services (yes, including Cockpit)

Browse source
This commit is contained in:
Aires 2024-08-16 16:02:19 -04:00
parent 0e27201be5
commit fa9e58e895
4 changed files with 14 additions and 161 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
hosts/Dimaga/default.nix
View file

@ -10,8 +10,6 @@ let
services-root = "/storage/services";
subdomains = [
config.secrets.services.airsonic.url
config.secrets.services.cockpit.url
config.secrets.services.forgejo.url
config.secrets.services.gremlin-lab.url
config.secrets.services.jellyfin.url
@ -135,25 +133,6 @@ in
enable = true;
configText = builtins.readFile ./etc/apcupsd.conf;
};
airsonic = {
enable = true;
autostart = false;
home = "${services-root}/airsonic-advanced";
domain = config.secrets.networking.primaryDomain;
url = config.secrets.services.airsonic.url;
};
cockpit = {
enable = true;
domain = config.secrets.networking.primaryDomain;
url = config.secrets.services.cockpit.url;
};
jellyfin = {
enable = true;
autostart = false;
home = "${services-root}/jellyfin";
domain = config.secrets.networking.primaryDomain;
url = config.secrets.services.jellyfin.url;
};
autoUpgrade = {
enable = false; # Don't update the system...
pushUpdates = true; # ...but do push updates remotely.
@ -162,10 +141,6 @@ in
user = config.users.users.aires.name;
};
boinc.enable = true;
cache = {
enable = false; # Disable for now
secretKeyFile = "${services-root}/nix-cache/cache-priv-key.pem";
};
duplicacy-web = {
enable = true;
autostart = false;
@ -182,6 +157,13 @@ in
token = config.secrets.services.forgejo.runner-token;
};
};
jellyfin = {
enable = true;
autostart = false;
home = "${services-root}/jellyfin";
domain = config.secrets.networking.primaryDomain;
url = config.secrets.services.jellyfin.url;
};
msmtp.enable = true;
netdata = {
enable = true;
@ -224,8 +206,7 @@ in
enable = true;
ports = [ config.secrets.hosts.dimaga.ssh.port ];
};
virtualization = {
host = {
virtualization.host = {
enable = true;
user = "aires";
vmBuilds = {
@ -235,7 +216,6 @@ in
};
};
};
};
users.aires = {
enable = true;

66
modules/services/cache.nix
View file

@ -1,66 +0,0 @@
# Serves a binary cache for Nix packages
{ config, lib, ... }:
let
cfg = config.aux.system.services.cache;
in
{
options = {
aux.system.services.cache = {
enable = lib.mkEnableOption (lib.mdDoc "Enables binary cache hosting.");
secretKeyFile = lib.mkOption {
default = "/var/cache-priv-key.pem";
type = lib.types.str;
description = "Where the signing key lives.";
};
};
};
config = lib.mkIf cfg.enable {
# Enable cache service
services = {
nix-serve = {
enable = true;
secretKeyFile = cfg.secretKeyFile;
};
nginx.virtualHosts."${config.secrets.services.cache.url}" = {
useACMEHost = config.secrets.networking.primaryDomain;
forceSSL = true;
locations."/" = {
proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
extraConfig = "proxy_ssl_server_name on;";
};
};
};
nix.settings = {
extra-substituters = [ "ssh://${config.secrets.services.cache.url}" ];
trusted-public-keys = [
"${config.secrets.services.cache.url}:mTYvveYNhoXttGOxJj2uP0MQ/ZPJce5hY+xSvOxswls=%"
];
};
# Run nightly builds for certain targets
systemd.timers."nix-distributed-build-timer" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "daily";
Persistent = "true";
Unit = "nix-distributed-build.service";
};
};
systemd.services."nix-distributed-build" = {
# Add target names below as a new line
script = ''
set -eu
nh os build --update --hostname Khanda
'';
serviceConfig = {
Type = "oneshot";
User = config.users.users.aires.name;
};
};
};
}

61
modules/services/cockpit.nix
View file

@ -1,61 +0,0 @@
{ config, lib, ... }:
let
cfg = config.aux.system.services.cockpit;
in
{
options = {
aux.system.services.cockpit = {
enable = lib.mkEnableOption "Enables Cockpit monitoring.";
domain = lib.mkOption {
default = "";
type = lib.types.str;
description = "The root domain that Cockpit will be hosted on.";
example = "example.com";
};
url = lib.mkOption {
default = "";
type = lib.types.str;
description = "The complete URL where Cockpit is hosted.";
example = "https://cockpit.example.com";
};
};
};
config = lib.mkIf cfg.enable {
services = {
nginx.virtualHosts."${cfg.url}" = {
useACMEHost = cfg.domain;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:9090";
extraConfig = ''
# Taken from https://garrett.github.io/cockpit-project.github.io/external/wiki/Proxying-Cockpit-over-NGINX
# Required to proxy the connection to Cockpit
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
# Required for web sockets to function
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
'';
};
};
cockpit = {
enable = true;
port = 9090;
settings = {
WebService = {
Origins = "https://${cfg.url} wss://${cfg.url}";
ProtocolHeader = "X-Forwarded-Proto";
};
};
};
};
systemd.services.nginx.wants = [ config.systemd.services.cockpit.name ];
};
}

2
nix-secrets

@ -1 +1 @@
Subproject commit 6ca21756c9f3653a0f1e60c5cb7abc8ea5ab0d46
Subproject commit d57c296dab0ec1e7c6f28c7741d9a591b35117da